DOWNLOAD ALERT: Foistware Warning

A reader asks: 'My browser is filling up with unwanted toolbars, and I can no longer search with Google. I have anti-virus protection, but these things still creep in somehow, and I don't recall ever asking for them. Where do they come from, and how can I avoid this problem?'

What is Foistware?

Foistware is a term used for software that's "foisted" on you, typically without your knowledge or explicit consent. Foistware isn't technically malware, but it can range from marginally useful, to annoying, to malicious. Most often, foistware takes the form of browser toolbars, but it can also take over your browser homepage and preferred search engines. Some foistware pops up when you visit online shopping sites, and tries to steer you to certain vendors or offers.

Foistware almost always tags along when you download a program that you do want. Through various deceptive practices, the download process may try to add extra, unwanted software to your installation package. Usually it takes the form of a checkbox that's already selected, and if you just click NEXT or CONTINUE without reading carefully, you'll end up with this extra software clutter.

Sometimes confusing buttons, self-serving "recommendations" or items buried in the terms of service play a role. In other cases, a tag-along foistware product will be installed with NO prompt or warning. But thankfully, those are rare.

The purveyors of these pollutants will say that it's your fault for not paying attention, and to a certain point, they're right. If you're very careful to uncheck all those boxes, read every word on each segment of the download/install dialogs, and scan the legalese for gotchas, you can avoid almost all of these foistware nuisances.

But many users have become accustomed to clicking an endless series of Next, Next, Next to get through a software installation. Nobody want to read those long, boring Terms of Service and the accompanying legal blah, blah, blah that can make your eyes glaze over. And plenty of users are not technically savvy enough to understand that a "recommended" toolbar, add-on or plugin is not in their best interests.

You might think this problem would show up mostly in the dark corners of the Web. But the most egregious offenders are some of the most trusted and popular names in Internet software. If you try to download or update your Adobe Reader or Flash Player, Skype, or the Foxit Reader, you'll see examples of what I mean. Adobe pushes the McAfee Security Scan, which you probably don't need because you've already installed one of the options in my list of Free Anti-Virus Programs, right? Foxit Reader, which I use and recommend, is also guilty of pushing the useless Ask.com toolbar. See the images on this page for examples of what to look out for.

The Ask Toolbar is especially loathsome, because it has a delayed installer. You'll download your software and everything appears to be fine. No annoying popups or toolbars in your browser, great. But after lurking for ten minutes, the Ask Toolbar installer springs to life and does its dirty work. Later, you open your browser, and see the damage. And hopefully, you'll chalk it up to a lapse in your anti-virus program, instead of blaming the company that foisted it on you.

Hope and Change?

There are a few bright spots in the foistware arena. The ever-popular Skype used to push unwanted software extras, but now they just want to mess with your browser settings by foisting Bing and MSN on you. More good news comes from Oracle and their ubiquitous Java. Until very recently, downloads for Java or Java security updates would present you with a pre-checked offer to install the Ask Toolbar.

And with the recent Java security scares, most people just wanted to get the updates and get on with it. I imagine that several million people got the Ask Toolbar in this manner, during last week's Java security panic. But as of last Friday, my tests indicate that Oracle has removed the offer to bundle Ask with Java downloads. So good for them. (Ugh, it's back. I'm putting Java on the Naughty List again.)

And I have to mention Ninite, an awesome service that lets you select one or more popular downloads, and safely download them with a few clicks. It eliminates the Next, Next, Next by automating the installation process; promises no toolbars or other unwanted extras; and will help you update your software to the latest version when necessary. It's free, and it just works.

CNET/Download.com: A Six-Part Horror Story

I've saved the best (or worst, depending on your point of view) for last. Recently, CNET, which I always admired for their trusted reviews, safe downloads and tech advice, has become one of the worst offenders in the foistware game. CNET has a popup disclaimer on their download buttons that says: "The CNET Download.com Installer is a tiny ad-supported "download manager" that helps securely deliver your downloads. We also include offers for carefully screened software that complies with Download.com policies..."

That doesn't sound too bad. After all, CNET has been around since before Al Gore invented the Internet, and they're the good guys, right? Well, I decided to try downloading a program from CNET called Toolbar Cleaner. As you might expect, it offers to remove annoying and unwanted toolbars from your computer. The CNET download process plays out over six successive screens. The first screen you see after clicking the green Download button is cluttered with misleading ads that want you click on more "Download Now" buttons that have nothing to do with the program you actually want to download. There's actually nothing you need to click here at all. If you have a fast connection, a familiar browser popup will appear, prompting you to save or run the downloaded file. If you have a slow connection, you may wonder what's going on, explore the various deceptive ads on the page, and click off in the wrong direction.

If you're lucky, you'll see what looks like another ad across the page that instructs you to open the Installer, click 'Yes' or 'Run', and follow the Installer instructions. Assuming you get this far, you'll be greeted by the CNET Download.com installer window (Step 1 of 5), which assures you that you're installing the right program, and that it's virus and spyware free.

Clicking NEXT STEP brings you to the point where the first foistware is offered. If you're not paying close attention here in Step 2, you'll end up installing "Coupon Companion," which is an adware app that messes with your browser settings and redirects your searches. (See the first CNET image on this page, above.) The privacy policy says that it "may collect or store information about the web pages you visit and your activity on those pages. Information collected by the plugin may be personally identifiable, and may be used or shared with third parties."

Ick. If that's not bad enough, it's also difficult to completely remove this pest. (MalwareBytes AntiMalware identifies it as malicious, and will remove it.) The download screen prompts you to "Click ACCEPT now to continue your installation". If you do happen to read the text underneath, you may be left wondering whether the DECLINE or CLOSE buttons will let you continue with the installation of Toolbar Cleaner.

Moving along to Step 3, the next screen in the CNET/Download.com process prompts you to "Click NEXT STEP now to continue." But wait, there's a bunch of tiny pre-selected checkboxes lurking. If you fail to notice, you'll get the Iminent Toolbar, and Iminent SearchTheWeb bolted on to your web browser. In other tests I ran, a different toolbar/browser/search hijack combo called Visual Bee was offered. Failure to uncheck these boxes will result in these annoying (and possibly malicious) toolbars winding up on your computer. (See my related article My Browser Got Hijacked to learn more about these pests, and how to remove them.)

Thankfully, Step 4 and Step 5 are innocuous, and you can finally click a green INSTALL NOW button, to install your software. I ran through the CNET download process several times, and in one instance, it prompted me to add THREE unwanted extra programs to my download bundle. I was incredulous that CNET tried to foist two or three browser toolbars on me while trying to download a program that's supposed to *remove* toolbars. If you make it through this gauntlet unscathed, carefully unchecking and declining all of CNET's "carefully screened offers", you'll finally get to download the installer for Toolbar Cleaner.

This is where the horror show is supposed to end. "But wait..." as they say in those infomercials, "there's more!" I clicked on the installer I had just downloaded, and guess what? The Toolbar Cleaner Setup Wizard instructed me to simply click FINISH to close the wizard. But below that, two more pre-selected checkboxes recommended that I "Protect my system with Anti-phishing Domain Advisor" and change my browser start page to MyStart. More foistware and browser hijacking nonsense. The CANCEL button is greyed out, so your only option is to uncheck those boxes and continue onward. But after all that, there's no way I'm going to trust this program on my computer. Or CNET, either, until they clean up this mess.

I understand that online businesses that provide free advice, reviews and other services have to do something to make money. So ads and sponsors are part of the Internet ecosystem. But deceptive practices don't have to be. Tricking unsuspecting users into downloading crappy or malicious software is obviously wrong. I'd be fine if they put that checkbox on the page and recommended a useful add-on program. Just leave it up to me to check that box and decide that I want a toolbar, plugin or whatever.

Do you have something to say about foistware? Post your comment or question below...

Most recent comments on "DOWNLOAD ALERT: Foistware Warning"

Thanks Bob, I have already sworn off Cnet. I am an avid download junkie and the sweet little installer program by cnet is the definite tipoff to a ripoff. I knew there would eventually be trouble when the current greed-laden owner slithered in like a snake with cnet singing all the orchestrated praises. The word BROADCASTER is the key and CBS is probably the slimiest, though I will have to admit it is a close race.

Now I just need to check and see if I can eliminate all the cnet services I subscribe to.
There are plenty of good download sites without these money-grabbing advertising purveyors.

Posted by:
Jim Brown
03 Feb 2013

Great article Bob. But I still believe CNET is a good place for getting good (and free) software from as long as you are very careful to tick or untick the appropriate boxes and click the decline buttons.
There are some places on CNET that don't give you any foist ware, for example the download for AVG 2013.

Posted by:
Aussie
03 Feb 2013

Thanks Bob ... I got foistware from C-Net myself the other day ... It took me 15 minutes to clear my new computer after the installation. I used to trust C-Net implicitly ... but I'm done with C-Net after seeing your report.

Posted by:
Peter Thompson
04 Feb 2013

The annoying thing with CNET is that while they often have a direct download link a lot now don't which means if you want the program you have to do a search for it.

I understand small developers need to offer these to make small revenue but some of them shouldn't.

Posted by:
Glenda Oakley
04 Feb 2013

Why would an average user know the direct download link would be any different to the big green button? They see the green button and presume that is the button they are meant to press. I too recomend cnet and go there for anything I need. I even get something there that I need to pay for, but I too have noticed the tricks of extra installations that I did not want. I do uncheck anything extra as I have learnt the hard way. I am sure it is worded that if you do not Accept, etc, you might not get your download. As you said, it should be us, that checks the boxes, not them. They rely on a lot of people who are not that savvy, newbies, and some elderly (I am elderly, so not all elderly lol) Not all users are able to easily get rid of these additions, or change their search preferences.

Posted by:
Julie
04 Feb 2013

I always wondered (if I had a junk older computer to use) just how many toolbars I could download. Could I get so many that the browser window would be completely gone?

Posted by:
Joney
04 Feb 2013

Quite simply I no longer trust C~NET after the hassle I had after the last download.

What a shame that a short-term gain has lost the long term trust of many users

Is there an alternative these days?

Posted by:
Larry Margolis
05 Feb 2013

Just today, about 10 minutes before I read this article, I started to download CutePDF, a free program to convert Word docs to a PDF. I have done this before and had no problem; so, imagine my surprise when I got the CNET window illustrated. After not reading the fine print and getting to the 3rd window I realized that something was wrong. So I bailed. I tried it again and this time I read the find print and deleted everything and downloaded a different PDF converter.

Posted by:
Wayne Potter
05 Feb 2013

Crapware,or Malware, or Foistware are all the same, Bullcrap programs for the Advertisers to make money! they are not made in the typical users intrest!

Posted by:
Andy
24 May 2013

From download.com, several years ago, I donwloaded a game. Ican't remember if it was an anti-spy or anti-virus which detected a trojan downloader. I sent it to virustotal.com which 13 AVs detected the infection. I contacted CNET and told them it was infected. There reply was that they had tested it with THEIR anti-virus and found it CLEAN. They didn't care despite I gave them the VTotal link to confirm what I said. So I agree with you completely BOB about CNET. I've had the TEchtracker on my computer for several years and everything was OK. Then they updated it a year or so ago and a lot of crapware started getting installed. I stopped selecting the recommended install which caused the rubbish to be installed. Now, as you've quite rightly said, started this new Download App, which I tried and YES I did uncheck ALL the "hidden" Pre-checked "YES PLEASE!!" boxes for them to install crap. I installed one of their updates and then spent several hours cleaning the computer of this rubbish. I started getting pop-ups and Firefox was Hijacked. I ran Superantispyware, SPybot and Maleware Antibytes to get rid of all the sh*t.
Andy

Posted by:
Stanley Ericsson
26 May 2013

Bob, thanks for so much, including your appreciation for proper grammar, etc. ....
There's a common mistake I see in much of your web writing, however. So, an appreciative nudge:
http://voxunum.blogspot.com/2012/04/its-not-its-its-its.html
The visual may be worth posting.

Posted by:
Dick
17 Sep 2013

Bob, you forgot to mention Microsoft. I've run Microsoft Update only to find the Bing Desktop and the Bing Bar presented as "high priority updates". High priority for whom? I certainly don't need--or want--them. It's one thing to offer those programs, but entirely another to imply that they are needed to keep your machine functioning, which is the way I interpret the "high priority" category. Yes I've hidden those updates, but it still annoys me.

Posted by:
Rob365
17 Sep 2013

I quit accessing the Cnet black hole years ago in favor of Filehippo. And that was when Cnet was just considered untrustworthy. I read your article with great interest and it was no surprise to me they have reached a sleazy new low. Good for them, they have established a new bench mark for other sewer dwellers to aspire to.

Posted by:
Mike
25 Sep 2013

I had the priviledge/bad-luck to try to disinfect three computers belonging to a friend. One Win7 laptop, one XP desktop, and one Win7 desktop. I had never heard of AdwCleaner from BleepingComputer.com, and it apparently was successful in reaming out what you call foistware from all three. I was so impressed I used it on my desktop.

BleepingComputer Review:
"AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer..."
"The types of programs that AdwCleaner targets are typically bundled with free programs that you download from the web. In many cases when you download and install a program, the install will state that these programs will be installed along with the program you downloaded. Unless you perform a Custom install, these unwanted programs will automatically be installed on your computer leaving you with extra browser toolbars, adware, and other unwanted programs. AdwCleaner is designed to search for and remove these types of programs."

It seemed to do all this on 4 computers. I'm satisfied.

Posted by:
Gene De Lorenzo
12 Oct 2013

I, too, have been around PC's since dirt, and CNET used to be one of my favorite sources for information and software, but, since one of their recent downloads stuck me with the "conduit.exe" malware, I simply removed CNET from my bookmarks, and refuse to visit that site ever again. I'm surely not alone in this experience, and once CNET becomes aware of the pariah they've made themselves, maybe they'll consider changing their ways. I'm not willing to bet on it, but there are many alternative fish in the Internet sea.

Posted by:
Gridbald
23 Oct 2013

I'm not exactly computer nerdish and AskBobRankin has been bookmarked for a long time. But I THOUGHT I was savvy enough to thwart CNet's chicanary but ended up with crapware which took a system restore to remove.

CNet is now on page 1 of my Book Of Obscenities and will NEVER be visited again.

Posted by:
Wendy Lavender
28 Oct 2013

I gave CNet the flick some time ago when it became a nighmare to do a simple download and install from their site.
I use Filehippo for my freeware but even then, the software itself can contant traps as you have mentioned. MUST read every box before clicking and even then you can be tricked into clicking the wrong option.
That ASK foistware is a menace, another one is Bueno Seach.

Posted by:
Bordino GT
31 Jan 2014

Did this happen as a result of CNET being bought by CBS?

I made the mistake of downloading a media player called Synapse; carefully avoided all the appalling foistware only to find the player would not load properly for use. Went to the program's home page which is merely a list of advertizing links. Doing that resulted in SearchConduit suddenly appearing in all my browsers. After a couple of hours of work I finally had it removed only to have it reappear on rebooting the laptop the next day. It took a Norton tech about 45 minutes get rid of it. If you look at the reviews you'll see them divided between really bad and really good; the bad ones report the application doesn't load. I think it is clearly a scam. CNET's vetting is not what it used to be.

Thanks for the hints about ZDNet, somehow I'd lost track of them.

And you too, Daldoggy, for MajorGeeks; didn't know about them.

Posted by:
T
01 Feb 2014

Somewhere related to this article you recommended some program that included "advanced securitycare" or something similar. I went looking, had to work to find somebody besides CDNet to get it from. Long story short as I can make it:
!. downloaded something that was supposed to be it but ended up as something taking over the machine
2 downloaded it but had to fight 6 ways from Sunday to avoid multitudes of foist ware
3 ended up with a hijacked Firefox
4 uninstalled Firefox, downloaded a new setup, reinstalled - it's still hijacked.
I'm gonna go set Chrome as much as I hate Google.

Posted by:
Andy68
21 Aug 2014

Hi, I know this is a little old but as Filehippo has been mentioned, I thought I'd add some new news.
Now Filehippo has added it's own little installer which they say will help with the downloads. I discovered it today when Filehippo's UpdateChecker said that 2 programs needed updating. Clicking on the "View Results" quite rightly took me to the results on the Filehippo Website. Now here is the WARNING!!! When I clicked on the Green arrow (just like before) the download started, then I started to run the installer (little strange only 752kb while my program is 35.7MB). OK hold everything, this is a new installer and it says that you can say yes/no to third party add-ons etc. After reading everything, I discovered what you have to do. Use the results page to see what program(s) need updating. Enter the program name in Filehippo's search box. ONLY THIS WAY can you find the little blue "Direct Download" box under their BIG Green Rectangle. Not ALL programs download the installer. The two I was to update were "Foxit Reader" which has the installer and Java Runtime Environment 8.0 build 20 (64-bit)which at this time doesn't have it!!
If you like to use their installer, don't use Express or default install ALWAYS use CUSTOM or ADVANCE!!

Post your Comments, Questions or Suggestions

* Name:
* Email:
(* = Required field)

(Your email address will not be published)

Comments: (you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.